%======================================================================
%----------------------------------------------------------------------
%               XX                           X
%                                            X
%               XX    XXX   XXX   XXX   XXX  X  XXXX
%                X   X   X X   X X   X X   X X X
%                X   XXXXX XXXXX XXXXX X     X  XXX
%                X   X     X     X     X   X X     X
%               XXX   XXX   XXX   XXX   XXX  X XXXX
%----------------------------------------------------------------------
%  	         SPECIFICATION FOR COMMON IEEE STYLES
%----------------------------------------------------------------------
%               Gregory L. Plett, Istv\'{a}n Koll\'{a}r.
%======================================================================
\documentclass[%
	%draft,
	%submission,
	%compressed,
	final,
	%
	%technote,
	%internal,
	%submitted,
	%inpress,
	%reprint,
	%
	%titlepage,
	notitlepage,
	%anonymous,
	narroweqnarray,
	inline,
	twoside,
        %invited,
        conference,
	]{ieee}

\newcommand{\latexiie}{\LaTeX2{\Large$_\varepsilon$}}

%\usepackage{ieeetsp}	% if you want the "trans. sig. pro." style
%\usepackage{ieeetc}	% if you want the "trans. comp." style
%\usepackage{ieeeimtc}	% if you want the IMTC conference style

% Use the `endfloat' package to move figures and tables to the end
% of the paper. Useful for `submission' mode.
%\usepackage {endfloat}

% Use the `times' package to use Helvetica and Times-Roman fonts
% instead of the standard Computer Modern fonts. Useful for the 
% IEEE Computer Society transactions.
%\usepackage{times}
% (Note: If you have the commercial package `mathtime,' (from 
% y&y (http://www.yandy.com), it is much better, but the `times' 
% package works too). So, if you have it...
%\usepackage {mathtime}

% for any plug-in code... insert it here. For example, the CDC style...
%\usepackage{ieeecdc}

\begin{document}

%----------------------------------------------------------------------
% Title Information, Abstract and Keywords
%----------------------------------------------------------------------
\title[CSCI634 Advanced Computer Networking Project Final Report]{%
       Performance Analysis of 802.11 Wireless Network Under Beacon Frame Spoofing in OPNET}

% format author this way for journal articles.
% MAKE SURE THERE ARE NO SPACES BEFORE A \member OR \authorinfo
% COMMAND (this also means `don't break the line before these
% commands).
\author{JI XUE\member{College of William and Mary},\authorinfo{Ji Xue is with the Department of Computer Science, College of William and Mary, Williamsburg, VA 23187--8795.
       Phone: $+$1\,517\,402--0379, e-mail: xueji0202@gmail.com}%
\and{   } JIAWEI WEN\member{College of William and Mary}\authorinfo{Jiawei Wen is with the Department of Computer Science, College of William and Mary, Williamsburg, VA 23187--8795.
       Phone: $+$1\,757\,234--5545, e-mail: jwen01@email.wm.edu}
\and{} YU FENG\member{College of William and Mary}\authorinfo{Yu Feng is with the Department of Computer Science, College of William and Mary, Williamsburg, VA 23187--8795.
       Phone: $+$1\,757\,291--3151, e-mail: yufeng@cs.wm.edu}
}

% format author this way for conference proceedings
%\author[PLETT AND KOLL\'{A}R]{%
        %Gregory L. Plett\member{Student Member},\authorinfo{%
        %Department of Electrical Engineering,\\ 
        %Stanford University, Stanford, CA 94305-9510.\\
        %Phone: $+$1\,650\,723-4769, email: glp@simoon.stanford.edu}%
%\and{}and%
%\and{}Istv\'{a}n Koll\'{a}r\member{Fellow}\authorinfo{%
        %Department of Measurement and Instrument Engineering,\\ 
        %Technical University of Budapest, 1521 Budapest, Hungary.\\
        %Phone: $+$\,36\,1\,463-1774, fax: +\,36\,1\,463-4112, 
        %email: kollar@mmt.bme.hu}
%}

%\journal{IEEE Trans.\ on Instrum.\ Meas.}
%\titletext{, VOL.\ 46, NO.\ 6, DECEMBER\ 1997}
%\ieeecopyright{0018--9456/97\$10.00 \copyright\ 1997 IEEE}
%\lognumber{xxxxxxx}
%\pubitemident{S 0018--9456(97)09426--6}
%\loginfo{Manuscript received September 27, 1997.}
\firstpage{1}

%\confplacedate{Ottawa, Canada, May 19--21, 1997}

\maketitle               

\begin{abstract} 
In this paper, we study the performance of IEEE 802.11 MAC protocol under different jammers. Here, we first propose and study a new intelligent jamming based on the periodic beacon frames. Then, we study another two jammers: a periodic jammer, which jams deterministically at a specified rate, and a constant jammer, which jams by continually transmitting interference signals.

Our study comprises of three parts: development of a new model for beacon frame spoofing, a simulation study of the performance of wireless networks under three kinds of jammers by using OPNET Modeler, and a theoretical  analysis of the throughput of 802.11 under different jamming. In our work, we develop an intelligent jammer that only jams at the beacon time by exploiting the crucial intervals of beacon frames. In our theoretical analysis, we study and compare the throughput of 802.11 under three kinds of jammers in the same environment by using OPNET Modeler. Through the simulation, we find the new intelligent jamming we propose is shown to be more efficient than the other two. 

\end{abstract}

\begin{keywords}
802.11 MAC protocol spoofing, beacon frame based jamming, periodical jamming, OPNET
\end{keywords}

%----------------------------------------------------------------------
% SECTION I: Introduction
%----------------------------------------------------------------------
\section{Introduction}

With the development of the technology, wireless networks have gained much popularity lately, to such an extent that we can find them in almost any aspect of our daily life. Mobile phones, PDAs and computers are some evident examples. The most popular implementation for local area networks is the standard IEEE 802.11, also known as Wi-Fi. However, since accessing wireless media is much easier than tapping a wired network, security becomes a serious concern when implementing any wireless network. 

For a jammer agnostic to the implementation details of the network, a typical jamming strategy is the continuous emission of high-power interference signals such as continuous wave tones, or FM modulated noise [1]. However, adopting an always-on jamming strategy has several disadvantages. First, the jammer has to expend a significant amount of energy to jam frequency bands of interest. Second, the continuous presence of high interference levels make this type of jamming easy to detect [2], [3], [4]. Third, these attacks are easy to mitigate either by spread spectrum communications [1], spatial retreats [4], or localization and removal of the jamming nodes.
Meanwhile, as Wi-Fi networks proliferated, more and more wireless attacks have been easily launched by a jammer with the knowledge of the security flaws of the protocol. In IEEE 802.11, management frames carry out critical tasks in those networks, but unfortunately these frames are not authenticated. This is probably the most important weakness of the protocol. As a result, it is possible for several many denial of service (DoS) attacks to be launched [5]-[7], including the new beacon frame spoofing we proposed in this paper. 

Motivated by these work, in our paper, we consider a new kind of intelligent jamming model by exploiting the flaw of  transmitting beacon frames in IEEE 802.11, which can achieve an efficient jamming result without high energy consumption. Beacon frame is one of the management frames in IEEE 802.11 based WLANs. Beacon frames are transmitted periodically to announce the presence of a Wireless LAN network by the Access Point (AP) in an infrastructure BSS. One important function of beacons frames is to maintain the connectivity between the clients and the AP. By exploiting the knowledge of beacon frames' periodical transmitting, a jammer can easily get to know the TX time of beacon frames. Then, the jammer only needs to send an interference packet in the TX time of beacon frames periodically to launch an intelligent attack. So when the beacon frames are being transmitted, they will be significantly interfered by the packet  sent by the jammer. As a consequence, other clients in the infrastructure basic service set (IBSS) will not receive the beacon frames. After several beacon losses, these clients will disconnect from the AP and the jammer, also called malicious client, will enjoy the whole AP resource. Compared with continuous jamming, the jammer is active for a short period of time, thus expending orders of magnitude less energy. Our contributions are summarized below:

\begin{itemize}
  \item We propose a new intelligent beacon frame based attack, which is the jammer only jams at the TX time of beacon frames;
  \item By using OPNET, we simulate three different jamming models in the same environment: an existing periodical jamming, a constant jamming and the new beacon frame base jamming;
  \item We compare the throughput of AP under different kinds of jamming models to demonstrate the effectiveness of our model and illustrate our model is the most efficient one among the three jamming models. 
\end{itemize}

The remainder of this paper is organized as follows. Section II, presents related work. In Section III, we describe the motivation and the approach we take to launch the beacon frame based jamming. In Section IV, we illustrate our evaluation plan to evaluate the effectiveness of our jamming model. In Section V, we present the details of simulation and analysis of three different jamming models by using OPNET. In Section VI, we conclude and talk about the future work.


%----------------------------------------------------------------------
% SECTION II: The Document Life-Cycle
%----------------------------------------------------------------------
\section{RELATED WORK}

Continuous jamming has been used as a denial-of-service (DoS) attack against voice communication since the 1940s [1]. Recently, several alternative jamming strategies have been demonstrated [2], [8], [3], [4]. Xu et. al. categorized jammers into four models, (a) a constant jammer that continuously emits noise, (b) a deceptive jammer that continuously broadcasts fabricated messages or replays old  ones, (c) a random jammer that alternates between periods of continuous jamming and inactivity, and (d) a reactive jammer who jams only when transmission activity is detected.
                                                                                                                                                             
Nowadays, the IEEE 802.11 MAC protocol is widely used and has been extensively analyzed with respect to various performance issues, including throughput, power control, fairness, as well as hidden terminal jamming problems [9, 10, 11].With the increased ease of building low-cost jammers and increased interest in studying DoS attacks, researchers have started studying the effect of adversarial jamming on 802.11 [12, 13,14].A recent series of studies analyses the energy-efficiency of several jamming techniques against 802.11 [14, 15]; they demonstrate through extensive simulations that intelligent jamming by concentrating jamming signals on control packets(e.g., CTS or ACK) is significantly more energy-efficient than jammers that are oblivious to the channel. In [14, 15], their performance measure of interest is the jammer energy needed to completely shut down the channel. Another related work studies the impact of periodic jammers on an 802.11 LAN supporting simultaneous Voice over IP (VoIP) connections through simulations [11], while [16] and [17] propose channel hopping and protocol hopping techniques to increase the robustness of 802.11.


%----------------------------------------------------------------------
% SECTION III: Specifications
%----------------------------------------------------------------------
\section{METHODOLOGY}

In 802.11 wireless network, a beacon frame, as it is shown in fig.1, 
\begin{figure}
\centering
\includegraphics{simulation/beaconframeseq.png}
\caption{ IEEE 802.11 beacon frame format(From wikipedia).}
\end{figure}
is used for several functions.
Mostly it works in a wireless network to synchronize the clocks of the nodes and to announce the existence of the
network as well as to transmit some necessary configuration
parameters to join it [5]. Other important functions of beacon
frames are related to the maintenance of the network. Beacon
frames are transmitted at regular intervals to allow the nodes
find and identify a network. Every wireless network needs a
coordinator in charge of transmitting beacon frames.[32]

It is well-known that there are a lot of security flaws in 
IEEE 802.11 network, one type of DoS attack is trying to use the weakness of
the sequential number in MAC layer through beacon frame.

%----------------------------------------------------------------------
\subsection{Beacon based attack}

In IEEE 802.11 network,the access point serves as a network referee. It provides
the priority mechanisms for the devices. An attacker could
spoof beacon frames using false clock values. Those values
would produce a maladjustment in the contention periods of
the stations, causing a DoS.[5]

More specifically, in one of our scenarios, we put a malicious workstation into the wireless network. It's easy for it to know the TX time of beacon frames. Then, the malicious machine only needs to send an interference packet in the TX time of beacon frames periodically to launch an intelligent attack. So when the beacon frames are being transmitted, they will be significantly interfered by the packet  sent by the jammer. As a consequence, other clients in the infrastructure basic service set (IBSS) will not receive the beacon frames. After several beacon losses, these clients will disconnect from the access point and the jammer, also called malicious client, will enjoy the whole resource from access point. Fig.2 shows one of the key method, named 'spoof', in our algorithm. 
\begin{figure}
\begin{center}
\includegraphics{simulation/beacon-spoof-code.png}
\caption{ Partial source code for generating beacon frame.}
\end{center}
\end{figure}

%----------------------------------------------------------------------
\subsection{Metrics}
Choosing the right metrics in the simulation is important for us to evaluate the validity 
of our design. In our following scenarios, we will use throughput of access point to evaluate
the influence the jammer to network. In terms of the efficiency for different jamming strategies, the following metrics are all relevant:
\begin{itemize}
\item Energy efficient
\item Low probability of detection
\item Strong DoS, complete if so desired
\item Maintain behavior consistent with or close to the
protocol standard
\item Authenticated or unauthenticated users
\item Strength against error correction algorithms
\end{itemize}
Among these factors, energy efficiency may be the most important metric for jammers of wireless networks that are expected to last a long time. So we mainly concern about the power consumption between a default periodic jammer and customized beacon frame jammer in our simulation.

Then we will simulate several wireless scenarios under OPNET and 
create a customized workstation as the malicious client to send packets 
based on previous strategy.
%----------------------------------------------------------------------
\subsection{OPNET Modeler}

OPNET [34] is a research oriented network simulation tool. It provides a comprehensive development environment for modeling and simulation of deployed wired and wireless networks. OPNET Modeler enables users to create customized models and to simulate various network scenarios. 

We used OPNET 14.5 to simulate WIFI under different type of jammers.
OPNET provides high-fidelity modeling, simulation, and analysis of wireless networks such as interference, transmitter/receiver characteristics, and full protocol stack, including MAC, routing, higher layer protocols, and applications. It also has the ability to incorporate node mobility and interconnect wire line transport networks [14].

\section{EVALUATION PLAN}

The simulation model we used is 802.11 Wireless LAN model (11Mbps). Fig.3 shows the initial scenario that is used in this paper to study the effects of jamming on network throughput. We have an 802.11b wireless network with seven similar workstations and an access point. The access point relays the messages between the seven nodes and is a bottleneck. 
\begin{figure}
\begin{center}
\includegraphics{simulation/wireless-nojam-scenario.png}
\caption{ A 50m $\times$ 50m office wireless network on campus.}
\end{center}
\end{figure}

The data rate for the network is nominally 11Mbps but the access point functions as a relay point with the workstation nodes randomly assigning any other node as destination node
and the access point must relay the message. Hence, the effective throughput must be less than 5.5 Mbps. All packets are transmitted with adequate power so there is never packet loss due to signal strength. The wireless attributes of the access point can be seen from fig.4,
\begin{figure}
\begin{center}
\includegraphics{simulation/ap-para.png}
\caption{ Parameters of Access Point in wireless network.}
\end{center}
\end{figure}
and its beacon interval is set to 0.02 secs initially. 

We are going to modify this scenario step by step  and add different types of jammers, including our customized beacon frame jammer, and evaluate the throughput of 
access point, respectively.

\subsection{Scenario with default periodic jammer of OPNET}
This scenario keeps the previous network, then we modify the scenario by adding a fixed periodic jammer. We place it closed to access point so as to make sure the accuracy of our simulation. We can take a look at the new scenario in fig.5.
\begin{figure}
\begin{center}
\includegraphics{simulation/periodic-senario.png}
\caption{ Wireless LAN with a default periodic jammer.}
\end{center}
\end{figure}

The jammer module is a transmitter of noise packets in 5 GHz in 802.11b spectrum. We use a pulsed jammer module[34] available in OPNET and its parameters are shown in fig.6.
\begin{figure}
\begin{center}
\includegraphics{simulation/periodic-para.png}
\caption{ Parameters of default periodic jammer in OPNET.}
\end{center}
\end{figure}
The jammer provides transmission on a single fixed frequency band which is
masked by a periodic pulse train in time. The source creates
and transmits packets for the duration of a pulse (here 2 $\mu$sec). The jammer has a pulse width which specifies the length of time (in seconds) a pulse is transmitted and a silence
width specifies the interval (in seconds) between pulses.

When a jammer is used in the scenario, the communication between the access point and the nodes
are affected. It sends useless packets to flood the network so the throughput of both access point and nodes are dropped significantly, even closed to zero.
\begin{figure}
\begin{center}
\includegraphics{simulation/nojam-vs-jam-thruput.png}
\caption{ Throughput comparison between normal scenario with periodic jammer.}
\end{center}
\end{figure}
A comparison throughput of access point between normal and periodic jammer scenario can be seen from fig.7.
\subsection{Scenario with a malicious machine containing our beacon spoofing algorithm}

This scenario keeps the previous wireless network, as we can see in fig.8,
\begin{figure}
\begin{center}
\includegraphics{simulation/beacon-spoof-scenario.png}
\caption{ Wireless LAN with beacon frame spoofing workstation.}
\end{center}
\end{figure}
but replaced the default periodic jammer with
a malicious workstation containing our customized beacon spoofing algorithm in its core model.
The goal of this malicious machine is not to drop the throughput to zero, but to reduce 
the overall throughput of access point considerably for a long period of time with less energy
consumption. And the result is quite encouraging, 
\begin{figure}
\begin{center}
\includegraphics{simulation/beacon-thruput.png}
\caption{ Throughput of Access Point under beacon frame spoofing.}
\end{center}
\end{figure}
As it can be seen from fig.9, when the malicious machine with beacon
frame spoofing was introduced, the throughput falls considerably to at most 0.60 packets/sec and keeps around 0.002 packets/sec most of the time.

This result indicates the feasibility of our strategy and we are going to walk into the detail energy consumption and analyze the cause in next section.
%----------------------------------------------------------------------
% SECTION VI: Wish List
%----------------------------------------------------------------------

%----------------------------------------------------------------------

\section{Simulation results and analysis}
\subsection{Throughput degradation}
\begin{figure}
\begin{center}
\includegraphics{simulation/beacon-power-throughput.png}
\caption{ Energy consumption and throughput of workstation under beacon frame spoofing.}
\end{center}
\end{figure}

\begin{figure}
\begin{center}
\includegraphics{simulation/beacon-power.png}
\caption{ Energy consumption of workstation under beacon frame spoofing.}
\end{center}
\end{figure}

\begin{figure}
\begin{center}
\includegraphics{simulation/perodic-power.png}
\caption{ Energy consumption of jammer under periodic scenario.}
\end{center}
\end{figure}
As we can see in figure 9--10, 
the significant degradation of stable throughput in both scenarios shows that both two jammers can effectively minimize AP's throughput. We can also see that the throughput degradation under the intelligent jammer has some latency. This is due to the preparation and synchronization period of beacon spoofing.

%----------------------------------------------------------------------
\subsection{Throughput degradation}

The jammers' sending energy consumption can be characterized as 
\[E = P \cdot {E_0}\]
where $E$ is the total energy consumed by the jammer, $P$ is the total number of packets sent, and $E_0$ represents for the energy consumed for sending a single packet.Theoretically the intelligent jammer will be more energy saving as it sends much fewer packets than the periodic jammer. However our simulation results show a different picture. Figure 11 and 12 give the result of average energy consumption of the two jammers. We can see that the periodic jammer has a lower energy consumption, which is contrary to the theoretical result. After analyzing we address that this is caused by the coarse-grained measurement of the energy consumption of the intelligent jammer. As the simulator measures the energy consumption of the whole workstation instead of the wireless network module, the total energy consumption acuired is more than that of the periodic jammer.

%----------------------------------------------------------------------
% SECTION VII: Conclusions
%----------------------------------------------------------------------

\section{Conclusions and future work}

In this paper, we evaluate the performance of IEEE 802.11 MAC protocol under various jamming attacks based on simulation results using OPNET. Our experimental results reveal that jamming misbehavior at the IEEE 802.11 MAC layer can result in performance degradation or even denial of service attacks in wireless networks. Specifically, our beacon frame spoofing based intelligent jamming method outperforms periodic jamming and constant jamming by reducing more than 90\% of the total network throughput while saving power consumption by about 50\%. Which means that intelligent jamming is effective and efficient.

Our future work consists of two main directions. One is to extend our intelligent jamming technique to a Ad Hoc network scenario. Theoretically beacon frame spoofing can work in Ad Hoc networks as they also use beacon frames that can suffer from the same kind of attacks. We can further evaluate the performance of different jamming techniques and make comparisons in this scenario.

We are as well as addressing our attention on detection and prevention of jamming attacks. As various wireless misbehavior detection methods have been developed, we would like to know whether intelligent jamming is sensitive to these detection or not. We might also try to improve the existing methods or propose our own to improve the detection accuracy on wireless misbehavior.

%----------------------------------------------------------------------
% The bibliography. This bibliography was generated using the following
% two lines:
%\bibliographystyle{IEEEbib}
%\bibliography{ieeecls}
% where, the contents of the ieeecls.bib file was:
%
%@book{lamport,
%        AUTHOR = "Leslie Lamport",
%         TITLE = "A Document Preparation System: {\LaTeX} User's Guide
%                  and Reference Manual",
%       EDITION = "Second",
%     PUBLISHER = "Addison-Wesley",
%       ADDRESS = "Reading, MA",
%          YEAR = 1994,
%          NOTE = "Be sure to get the updated version for \LaTeX2e!"
%}
%
%@book{goossens,
%        AUTHOR = "Michel Goossens and Frank Mittelbach and
%                  Alexander Samarin",
%         TITLE = "The {\LaTeX} Companion",
%     PUBLISHER = "Addison-Wesley",
%       ADDRESS = "Reading, MA",
%          YEAR = 1994,
%}
%
% The ieeecls.bbl file was manually included here to make the distribution
% of this paper easier. You need not do it for your own papers.



\begin{thebibliography}{1}

\bibitem{lamport}
M. Simon, J. Omura, R. Scholtz, and B. Levitt,
\newblock {\em Spread spectrum communications handbook},
\newblock McGraw-Hill Companies, 1994.

\bibitem{goossens}
G.Noubir and G.Lin,
\newblock {Poster: Low-Power DoS Attacks in Data Wireless LANs and Countermeasures},
\newblock  In MobiHoc , 2003.

\bibitem{lamport}
W. Xu, W. Trappe, Y. Zhang, and T. Wood,
\newblock {\em The feasibility of launching and detecting jamming attacks in wireless networks},
\newblock In Proceedings of the 6th ACM international symposium on Mobile ad hoc networking and computing, 2005.

\bibitem{lamport}
W. Xu, T. Wood, W. Trappe, and Y. Zhang,
\newblock {\em Channel surfing and spatial retreats: defenses against wireless denial of service},
\newblock In Proceedings of the 3rd ACM workshop on Wireless security, 2004.

\bibitem{lamport}
W. A. Arbaugh, N. Shankar, and Y. J. Wan,
\newblock {\em Your 802.11 wireless network has no clothes},
\newblock In Wireless Communications, IEEE, 2002.

\bibitem{lamport}
J. Bellardo and S. Savage,
\newblock {\em 802.11 denial-of-service attacks: Real vulnerabilities and practical solutions},
\newblock  In Usenix Security, 2003.

\bibitem{lamport}
C. Po¨pper, M. Strasser, and S. Cˇ apkun,
\newblock {\em Jamming-resistant broadcast communication without shared keys},
\newblock  In Proceedings of the USENIX Security Symposium, 2009.

\bibitem{lamport}
Bianchi, G,
\newblock {\em Performance analysis of the ieee802.11 distributed coordination function},
\newblock  In IEEE , 2000.

\bibitem{lamport}
Monks, J., Bharghavan, V., Hwu, W.,
\newblock {\em A power controlled multiple access protocol for wireless packet networks},
\newblock  In INFOCOMM , 2001.


\bibitem{goossens}
K. Pelechrinis, M. Iliofotou, and S. Krishnamurthy,
\newblock {Denial of Service Attacks in Wireless Networks: The case of Jammers},
\newblock  In IEEE, 2011.

\bibitem{lamport}
Bellardo, J., Savage, S.,
\newblock {\em 802.11 denial-of-service attacks: Real vulnerabilities and practical solutions},
\newblock  In USENIX, 2003.

\bibitem{lamport}
Michael Hall Aki Silvennoinen, S.G.H.,
\newblock {\em Effect of  pulse jamming on IEEE 802.11 wireless LAN performance},
\newblock  In MILCOM, 2005.

\bibitem{lamport}
Thuente, D. J. and Acharya,
\newblock {Intelligent jamming in wireless networks with applications to 802.11b and other networks},
\newblock  In IEEE, 2006.

\bibitem{goossens}
MD. Thuente and M. Acharya,
\newblock {Intelligent Jamming in 802.11b Wireless Networks},
\newblock In OPNETWORK, 2004.

\bibitem{goossens}
Navda, V., Bohra, A., Ganguly, S., Rubenstein, D.,
\newblock {Using channel hopping to increase 802.11 resilience to jamming attacks},
\newblock In INFOCOM Minisymposium, 2007.

\bibitem{lamport}
X. Liu, G. Noubir, R. Sundaram, and S. Tan,
\newblock {SPREAD: Foiling Smart Jammers using Multi-layer Agility},
\newblock  In IEEE INFOCOM, mini-conference, 2007.

\bibitem{goossens}
Bayraktaroglu, E. King, C. Liu, X. Noubir, G. Rajaraman, and R. Thapa,
\newblock {On the performance of IEEE 802.11 under jamming},
\newblock  In INFOCOM, 2008.

\bibitem{goossens}
R. Gummadi, D. Wetheral, B. Greenstein, and S. Seshan,
\newblock {Understanding and Mitigating the Impact of RF Interference on 802.11 Networks},
\newblock  In ACM SIGCOMM, 2007.

\bibitem{goossens}
A. Sampath, H. Dai, H. Zheng, and B. Y. Zhao,
\newblock {Multichannel Jamming Attachs using Cognitive Radios},
\newblock IEEE ICCCN, 2007.

\bibitem{goossens}
M. Li, I. Koutsopoulos, and R. Pooverdan,
\newblock {\em The {\LaTeX} Companion},
\newblock Addison-Wesley, Reading, MA, 1994.

\bibitem{goossens}
Michel Goossens, Frank Mittelbach, and Alexander Samarin,
\newblock {Optimal Jamming Attacks and Network Defenses Policies in Wireless Sensor Networks},
\newblock  In Proceedings of IEEE INFOCOM 2007.

\bibitem{lamport}
I. Martinovic, P. Pichota, and J. B. Schmitt,
\newblock {Jamming for Good: A Fresh Approach to Authentic Communication in WSNs},
\newblock  In ACM WiSec, 2009.

\bibitem{goossens}
K. Pelechrinis, I. Koutsopoulos, I. Broustis and S.V. Krishnamurthy,
\newblock {Lightweight Jammer Localization in Wireless Networks: System Design and Implementation},
\newblock  In Globecom, 2009.

\bibitem{goossens}
H. Song, S. Zhu, G. Cao,
\newblock {Attack-Resilient Time Synchronization for Wireless Sensor Networks},
\newblock In: 2nd IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS05), Washington, DC, November 2005.

\bibitem{goossens}
A. A. C´ardenas, S. Radosavac, and J. S. Baras,
\newblock {Detection and prevention
of MAC layer misbehavior in ad hoc networks},
\newblock  in SASN, S. Setia and V. Swarup, Eds. ACM, 2004, pp. 17–22.

\bibitem{lamport}
 J. Yeo, M. Youssef, and A. Agrawala,
\newblock {A framework for wireless LAN
monitoring and its applications},
\newblock  in WiSe ’04: Proceedings of the 2004
ACM workshop on Wireless security. New York, NY, USA: ACM Press,
2004, pp. 70–79.

\bibitem{goossens}
P. LaRoche and A. N. Zincir-Heywood,
\newblock {802.11 network
intrusion detection using genetic programming},
\newblock  in Genetic and
Evolutionary Computation Conference (GECCO2005) workshop
program. Washington, D.C., USA, 2005.

\bibitem{goossens}
 D. D. F. G. K. Yallapu and M. Kaniganti,
\newblock {Multilevel monitoring
and detection systems (MMDS)},
\newblock  in Proceedings of the 15th Annual
Computer Security Incident Handling Conference (FIRST), Ottawa,
Canada, June 22-27 2003.

\bibitem{goossens}
 A. D. Stefano, A. Scaglione, G. Terrazzino, I. Tinnirello, V. Ammirata,
L. Scalia, G. , and C. Giaconia,
\newblock {Wifi does not imply 802.11
standard compliancy: experimental results},
\newblock  in The Wireless Internet conference (WICON), July 2004.

\bibitem{lamport}
A. Mishra and W. A. Arbaugh,
\newblock {An initial security analysis of
the ieee 802.1x standard},
\newblock University of Maryland, Tech. Rep.
CS-TR-4328, Feb 2002.

\bibitem{goossens}
 F. Guo and T. cker Chiueh,
\newblock {Sequence number-based MAC address spoof
detection},
\newblock  in Proceedings of the 9th international symposium on recent
advances on intrusion detection, RAID, 2005.

\bibitem{goossens}
Urko Zurutuza, Roberto Uribeetxeberria, Jesus Lizarraga, Ainhoa Serna,
\newblock { Beacon Frame Spoofing Attack
Detection in IEEE 802.11 Networks},
\newblock in Proceedings of the 2008 Third
International Conference on Availability, Reliability and Security,
Washington, DC, USA, 2008.

\bibitem{goossens}
W. A. Arbaugh, N. Shankar, and Y. J. Wan,
\newblock {“Your 802.11 wireless
network has no clothes},
\newblock  Wireless Communications, IEEE, vol. 9, no. 1, pp. 44–51, 2002..

\bibitem{goossens}
OPNET module library: 
\begin{verbatim}
http://www.opnet.com/solutions/network_rd/
simulation_model_library/
\end{verbatim}

\end{thebibliography}

%----------------------------------------------------------------------

\begin{biography}[simulation/yufeng.png]{Yu Feng} 
was born in GuangXi, CHINA, in 1982. He is a Ph.D. student
 in the Computer Science Department at College of William and 
Mary. He received his M.Sc. in computer science from Beihang
 University in May 2008. His current research interests are in software 
engineering, network security and wireless computing systems.
\end{biography}


\begin{biography}[simulation/xueji.png]{Ji Xue} 
was born in Jiangsu, China, in 1990. He graduated  in computer
science from Beihang University and got his Bachelor degree in 
2012. Now he is a Ph.D student in the Computer Science Department 
at College of William and Mary. His research interests are artificial
intelligence and network security.
\end{biography}

\begin{biography}[simulation/jiawei.png]{Jiawei Wen} 
was born in Wuhan, CHINA, in 1988. He received his bachelor's degree of 
computer science from the Huazhong University of Science and Technology in 2010. At present
he is a computer science Ph.D. student at the College of William and Mary.
His current research interests are in programming language, network security and sensor.

\end{biography}

\end{document}
